You are here

protected static function YamlFormNodeAccess::checkAccess in YAML Form 8

Check whether the user can access a node's form and/or submission.

Parameters

string $operation: Operation being performed.

string $entity_access: Entity access rule that needs to be checked.

\Drupal\node\NodeInterface $node: A node.

\Drupal\yamlform\YamlFormSubmissionInterface $yamlform_submission: A form submission.

\Drupal\Core\Session\AccountInterface $account: Run access checks for this account.

Return value

\Drupal\Core\Access\AccessResultInterface The access result.

2 calls to YamlFormNodeAccess::checkAccess()
YamlFormNodeAccess::checkYamlFormAccess in modules/yamlform_node/src/Access/YamlFormNodeAccess.php
Check whether the user can access a node's form.
YamlFormNodeAccess::checkYamlFormSubmissionAccess in modules/yamlform_node/src/Access/YamlFormNodeAccess.php
Check whether the user can access a node's form submission.

File

modules/yamlform_node/src/Access/YamlFormNodeAccess.php, line 72

Class

YamlFormNodeAccess
Defines the custom access control handler for the form node.

Namespace

Drupal\yamlform_node\Access

Code

protected static function checkAccess($operation, $entity_access, NodeInterface $node, YamlFormSubmissionInterface $yamlform_submission = NULL, AccountInterface $account = NULL) {

  // Check that the node has a valid form reference.
  if (!$node
    ->hasField('yamlform') || !$node->yamlform->entity) {
    return AccessResult::forbidden();
  }

  // Check that the form submission was created via the form node.
  if ($yamlform_submission && $yamlform_submission
    ->getSourceEntity() != $node) {
    return AccessResult::forbidden();
  }

  // Check the node operation.
  if ($operation && $node
    ->access($operation, $account)) {
    return AccessResult::allowed();
  }

  // Check entity access.
  if ($entity_access) {

    // Check entity access for the form.
    if (strpos($entity_access, 'yamlform.') === 0 && $node->yamlform->entity
      ->access(str_replace('yamlform.', '', $entity_access), $account)) {
      return AccessResult::allowed();
    }

    // Check entity access for the form submission.
    if (strpos($entity_access, 'yamlform_submission.') === 0 && $yamlform_submission
      ->access(str_replace('yamlform_submission.', '', $entity_access), $account)) {
      return AccessResult::allowed();
    }
  }
  return AccessResult::forbidden();
}